diff --git a/scripts/oslib.sh b/scripts/oslib.sh index ac1ec19..4ddb3e8 100644 --- a/scripts/oslib.sh +++ b/scripts/oslib.sh @@ -397,9 +397,16 @@ install_openssh() { fi local sftp_pkg; sftp_pkg="$(pkg_name sftp-server)" # shellcheck disable=SC2046 - pkg_install $(pkg_name openssh-server) $(pkg_name openssh-client) ${sftp_pkg:+$sftp_pkg} - # Alpine needs linux-pam present for the PAM server build. - [[ "$OS_FAMILY" == alpine ]] && pkg_install linux-pam openrc + pkg_install $(pkg_name openssh-server) $(pkg_name openssh-client) ${sftp_pkg:+$sftp_pkg} || return 1 + # Alpine needs linux-pam present for the PAM server build. Use an if-block, + # NOT `[[ ... ]] && ...`: as the LAST statement, that trailing test makes the + # whole function exit 1 on every non-Alpine OS (a false `[[ ]]` returns 1) -- + # harmless to a bare call under `set -e`, but a caller guarding with `|| die` + # reads it as an OpenSSH install failure. The `|| return 1` above still + # surfaces a real package failure. + if [[ "$OS_FAMILY" == alpine ]]; then + pkg_install linux-pam openrc + fi } # Install sshguard + an iptables firewall backend. On RHEL/Alma sshguard lives